Le decadi 30 brumaire, an CCXXIII, Benoit Fouet a écrit : > --- > libavcodec/pngdec.c | 30 ++++++++++++------------------ > 1 file changed, 12 insertions(+), 18 deletions(-) > > diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c > index 57b73c1..e3d61f6 100644 > --- a/libavcodec/pngdec.c > +++ b/libavcodec/pngdec.c > @@ -411,11 +411,6 @@ static int decode_zbuf(AVBPrint *bp, const uint8_t *data, > unsigned buf_size; > int ret; > > - zstream.zalloc = ff_png_zalloc; > - zstream.zfree = ff_png_zfree; > - zstream.opaque = NULL; > - if (inflateInit(&zstream) != Z_OK) > - return AVERROR_EXTERNAL;
What happens if one frame contains a damaged zTXt and the next one a valid
one? With the current code, since the zstream is inited each time, the first
one gives whatever it gives and the second one works normally. With the
modified code, I am afraid that the unpredictable state at the end of the
damaged frame will be kept for the good one.
> zstream.next_in = (unsigned char *)data;
> zstream.avail_in = data_end - data;
> av_bprint_init(bp, 0, -1);
> @@ -437,12 +432,10 @@ static int decode_zbuf(AVBPrint *bp, const uint8_t
> *data,
> if (ret == Z_STREAM_END)
> break;
> }
> - inflateEnd(&zstream);
> bp->str[bp->len] = 0;
> return 0;
>
> fail:
> - inflateEnd(&zstream);
> av_bprint_finalize(bp, NULL);
> return ret;
> }
> @@ -924,16 +917,6 @@ static int decode_frame_png(AVCodecContext *avctx,
>
> s->y = s->state = 0;
>
> - /* init the zlib */
> - s->zstream.zalloc = ff_png_zalloc;
> - s->zstream.zfree = ff_png_zfree;
> - s->zstream.opaque = NULL;
> - ret = inflateInit(&s->zstream);
> - if (ret != Z_OK) {
> - av_log(avctx, AV_LOG_ERROR, "inflateInit returned error %d\n", ret);
> - return AVERROR_EXTERNAL;
> - }
> -
> if ((ret = decode_frame_common(avctx, s, p, avpkt)) < 0)
> goto the_end;
>
> @@ -944,7 +927,6 @@ static int decode_frame_png(AVCodecContext *avctx,
>
> ret = bytestream2_tell(&s->gb);
> the_end:
> - inflateEnd(&s->zstream);
> s->crow_buf = NULL;
> return ret;
> }
> @@ -967,6 +949,7 @@ static int update_thread_context(AVCodecContext *dst,
> const AVCodecContext *src)
> static av_cold int png_dec_init(AVCodecContext *avctx)
> {
> PNGDecContext *s = avctx->priv_data;
> + int ret;
>
> s->avctx = avctx;
> s->last_picture.f = av_frame_alloc();
> @@ -979,6 +962,16 @@ static av_cold int png_dec_init(AVCodecContext *avctx)
> ff_pngdsp_init(&s->dsp);
> }
>
> + /* init the zlib */
> + s->zstream.zalloc = ff_png_zalloc;
> + s->zstream.zfree = ff_png_zfree;
> + s->zstream.opaque = NULL;
> + ret = inflateInit(&s->zstream);
> + if (ret != Z_OK) {
> + av_log(avctx, AV_LOG_ERROR, "inflateInit returned error %d\n", ret);
> + return AVERROR_EXTERNAL;
> + }
> +
> return 0;
> }
>
> @@ -996,6 +989,7 @@ static av_cold int png_dec_end(AVCodecContext *avctx)
> s->last_row_size = 0;
> av_freep(&s->tmp_row);
> s->tmp_row_size = 0;
> + inflateEnd(&s->zstream);
>
> return 0;
> }
Regards,
--
Nicolas George
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
